TL;DR

Windows 10 reached end of life on 14 October 2025. Microsoft has stopped shipping free security updates. Commercial Extended Security Updates cost around £50 per device for the first year, rising in years two and three. Best move for most UK SMEs: upgrade eligible devices to Windows 11 during 2026 and replace anything that can't meet the hardware bar. Staying on unsupported Windows 10 fails Cyber Essentials v3.3.

What's changed

Microsoft ended free support for Windows 10 on 14 October 2025. After that date, no more free security patches, no feature updates, no technical support and no Microsoft 365 Apps servicing beyond the limited ESU window. The operating system still boots and runs, but every month it's exposed to publicly known vulnerabilities that Microsoft won't fix. Their own end-of-support page lays out the timeline.

Your three options

  1. Upgrade to Windows 11. Free on eligible hardware. Best option if the device is roughly 2019 or newer, has TPM 2.0, UEFI boot and a supported CPU.
  2. Buy Extended Security Updates (ESU). Commercial ESU costs approximately £50 per device for year one, roughly doubling in year two, and doubling again in year three. Buys time to plan replacements — nothing more.
  3. Replace the hardware. For anything older than 2018 or built on unsupported silicon. Business laptops start around £650 ex-VAT; decent desktops £550.

Why "do nothing" isn't really an option

Running unsupported Windows 10 in a business estate causes three problems:

  • Cyber Essentials fail. From the v3.3 update on 27 April 2026, any device running unsupported software fails certification. If it's not on ESU, it's unsupported.
  • Insurance risk. Most cyber insurers now ask about out-of-support operating systems on renewal. A yes to "we still run Windows 10 without ESU" can mean exclusions on ransomware cover or rate hikes of 20–40%.
  • Microsoft 365 Apps. Microsoft 365 Apps on Windows 10 receive security updates through 10 October 2028, but are no longer fully supported, and feature availability drifts. Teams, Outlook new, Copilot all expect Windows 11.

How to plan the move

A working plan for a typical 10–50 user office:

  1. Inventory. Pull a device list with operating system, CPU, TPM status and age. Microsoft Intune or a managed IT dashboard does this in minutes; a spreadsheet does it in a morning.
  2. Categorise. Green = Windows 11 ready, upgrade in place. Amber = Windows 11 capable with a BIOS setting change. Red = replace.
  3. Order replacements early. Corporate laptop supply tightens every autumn. Order Q2/Q3 to avoid Q4 lead-time pain.
  4. Pilot the upgrade. Pick three users across roles, upgrade their devices to Windows 11, run two weeks. Surface any line-of-business app issues early.
  5. Rollout. Batches of 10–15 devices per week. Use Intune Autopatch or Windows Update for Business to manage patches post-migration.
  6. Decommission. Wipe, certify the wipe, recycle through a WEEE-compliant partner.

What Windows 11 actually changes for users

Less than you might think. The Start menu moves centre by default, File Explorer gets tabs, Snap Layouts improve window management. Keyboard shortcuts are the same. Microsoft 365 apps look identical. The real differences are under the hood: virtualisation-based security on by default, stronger credential isolation, hardware-backed boot integrity — all of which improve your cyber posture regardless of what else you do. The NCSC's own Windows 11 readiness guidance covers the security uplift in more detail.

Budgeting for the refresh

For a 20-user business with 20 laptops:

  • 10 laptops Windows 11-eligible — upgrade in place, engineer time only, roughly £500 total.
  • 10 laptops need replacing at £700 ex-VAT each — £7,000.
  • Deployment, data migration, Intune enrolment, user training — around £2,000.
  • Total: about £9,500, spread across the financial year if procurement is staged.

Compare with ESU: the same 10 unsupported devices at approximately £50 year one, £100 year two, £200 year three = £3,500 over three years for devices that will still need replacing afterwards. ESU is a bridge, not a destination.

Don't forget servers

Windows Server 2012 R2 and Windows Server 2016 are also past or close to end of mainstream support. If you still run on-prem servers, now is the natural time to decide between lift-and-shift to Azure, re-platform to Microsoft 365 and SharePoint, or replace with supported Windows Server 2022 or 2025. Our Microsoft 365 and cloud hosting pages cover the options; our managed IT support plan includes the inventory and upgrade planning as part of onboarding.

FAQs

When did Windows 10 reach end of life?

14 October 2025. Microsoft stopped providing free security updates, feature updates and technical support on that date.

How long does ESU last?

Extended Security Updates for commercial use run for three years from end of life, until October 2028, with per-device fees that escalate each year. The consumer ESU ran out after one year in October 2026.

Will my PC run Windows 11?

Usually, if it was bought after early 2019. You need TPM 2.0, UEFI boot and a supported CPU. Windows 10 machines made before 2018 will almost certainly need replacing rather than upgrading.

Does Windows 10 fail Cyber Essentials?

Yes, once it's out of support. Devices not covered by ESU are unsupported software under the v3.3 rules and will cause a certification fail.

Is Windows 11 compatible with our line-of-business apps?

In almost every case, yes — anything built for Windows 10 runs on Windows 11. Pilot with a small group for two weeks to flush out any edge cases before a full rollout.

Syntek Solutions Team

Managed IT for small businesses across West Sussex. We plan and run Windows 11 migrations for SMEs end-to-end.

Related articles

Microsoft 365

Is Microsoft 365 Business Premium worth it?

What you get for the extra £9.
Microsoft 365

SharePoint vs OneDrive for business

Which does what, and why it matters.
Pricing

How much does IT support cost in the UK?

Real price bands for 2026.